author    security tracker role <sectracker@soriano.debian.org>  2021-01-27 20:10:22 +0000
committer security tracker role <sectracker@soriano.debian.org>  2021-01-27 20:10:22 +0000
commit    555e78bc45263a9494870ee2e8cc6d03dc26cf78 (patch)
tree      28b4f9497203d263326af74c657565a99fe782f3
parent    eb4d77acdfd77d2c9ceb772aecc7632aa947f87d (diff)

automatic update

 -rw-r--r--  data/CVE/2017.list |   1
 -rw-r--r--  data/CVE/2019.list |   7
 -rw-r--r--  data/CVE/2020.list | 118
 -rw-r--r--  data/CVE/2021.list |  64
 4 files changed, 111 insertions, 79 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index fb2735b74a..c3a27825ea 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -33215,6 +33215,7 @@ CVE-2017-7482 (In the Linux kernel before version 4.12, Kerberos 5 tickets decod
- linux 4.11.11-1
NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
CVE-2017-7481 (Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark loo ...)
+ {DLA-2535-1}
- ansible 2.3.1.0+dfsg-1 (bug #862666)
[jessie] - ansible <not-affected> (vulnerable code introduced in version 2.x)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450018
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 951460d785..6f1143f019 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -3198,6 +3198,7 @@ CVE-2019-19730
CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...)
NOT-FOR-US: bsjon-objectid node module
CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --u ...)
+ {DSA-4841-1}
- slurm-llnl 19.05.5-1
[stretch] - slurm-llnl <no-dsa> (Minor issue)
[jessie] - slurm-llnl <ignored> (Minor issue, fix introduces regression, upstream refuses access to bug tracker)
@@ -15278,6 +15279,7 @@ CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x befor
NOTE: https://github.com/ansible/ansible/pull/65423
NOTE: https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible Community ...)
+ {DLA-2535-1}
- ansible 2.9.4+dfsg-1 (low)
[buster] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (Vulnerable module first bundled in 2.0)
@@ -15612,7 +15614,7 @@ CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ...)
- {DLA-2202-1}
+ {DLA-2535-1 DLA-2202-1}
- ansible 2.8.6+dfsg-1 (low; bug #942188)
[buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373
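Review bot: the new reference is prepended as {DLA-2535-1 DLA-2202-1}, so CVE-2019-14846 now carries two LTS advisories while the line below still reads [buster] - ansible <no-dsa> (Minor issue); that leaves stable without a fix for an issue LTS has now fixed twice, which is worth raising with the stable maintainers. The CVE-2019-10156 hunk further down ({DLA-2535-1 DLA-1923-1}, [buster] <no-dsa>) shows the same pattern.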
@@ -28227,6 +28229,7 @@ CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a
NOTE: https://github.com/ansible/ansible/pull/63351
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...)
+ {DLA-2535-1}
- ansible 2.8.6+dfsg-1 (bug #933005)
[buster] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords)
@@ -28448,7 +28451,7 @@ CVE-2019-10158 (A flaw was found in Infinispan through version 9.4.14.Final. An
CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.3 did ...)
NOT-FOR-US: Keycloak
CVE-2019-10156 (A flaw was discovered in the way Ansible templating was implemented in ...)
- {DLA-1923-1}
+ {DLA-2535-1 DLA-1923-1}
- ansible 2.8.3+dfsg-1 (low; bug #930065)
[buster] - ansible <no-dsa> (Minor issue)
NOTE: https://github.com/ansible/ansible/pull/57188
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 317e26d44d..03353e1174 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -549,8 +549,8 @@ CVE-2020-36014
RESERVED
CVE-2020-36013
RESERVED
-CVE-2020-36012
- RESERVED
+CVE-2020-36012 (Stored XSS vulnerability in BDTASK Multi-Store Inventory Management Sy ...)
+ TODO: check
CVE-2020-36011 (A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart ...)
NOT-FOR-US: QDOCS Smart Hospital Management System
CVE-2020-36010
@@ -7182,6 +7182,7 @@ CVE-2020-27748 [local file inclusion vulnerability]
CVE-2020-27747 (An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973 ...)
NOT-FOR-US: Click Studios Passwordstate
CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Informa ...)
+ {DSA-4841-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #974722)
[stretch] - slurm-llnl <no-dsa> (Minor issue)
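Review bot: DSA-4841-1 is attached to an entry whose unstable status lines read slurm-wlm <not-affected> and slurm-llnl <removed> (bug #974722), so the advisory can only be tracking a release that still ships slurm-llnl; since [stretch] stays <no-dsa> (Minor issue) and no fixed version appears in this hunk, confirm that the DSA record itself names the buster slurm-llnl version. The hunks for CVE-2020-27745 and CVE-2020-12693 in this file have the identical shape and need the same check.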
@@ -7190,6 +7191,7 @@ CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive I
NOTE: https://github.com/SchedMD/slurm/commit/07309deb45c33e735e191faf9dd31cca1054a15c
NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix
CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflo ...)
+ {DSA-4841-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #974721)
[stretch] - slurm-llnl <no-dsa> (Minor issue)
@@ -8846,6 +8848,7 @@ CVE-2020-26977 (By attempting to connect a website using an unresponsive port, a
- firefox <not-affected> (Android specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26977
CVE-2020-26976 (When a HTTPS pages was embedded in a HTTP page, and there was a servic ...)
+ {DSA-4840-1}
- firefox 84.0-1
- firefox-esr 78.7.0esr-1
- thunderbird <unfixed>
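Review bot: DSA-4840-1 is recorded against CVE-2020-26976 while thunderbird still reads <unfixed>; the fixed lines in this hunk are firefox 84.0-1 and firefox-esr 78.7.0esr-1 only, so the thunderbird side of this CVE stays open and needs its own fix version (or a NOTE) once that update ships.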
@@ -16968,26 +16971,26 @@ CVE-2020-23363
RESERVED
CVE-2020-23362
RESERVED
-CVE-2020-23361
- RESERVED
-CVE-2020-23360
- RESERVED
-CVE-2020-23359
- RESERVED
+CVE-2020-23361 (phpList 3.5.3 allows type juggling for login bypass because == is used ...)
+ TODO: check
+CVE-2020-23360 (oscommerce v2.3.4.1 has a functional problem in user registration and ...)
+ TODO: check
+CVE-2020-23359 (WeBid 1.2.2 admin/newuser.php has an issue with password rechecking du ...)
+ TODO: check
CVE-2020-23358
RESERVED
CVE-2020-23357
RESERVED
-CVE-2020-23356
- RESERVED
-CVE-2020-23355
- RESERVED
+CVE-2020-23356 (dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type ju ...)
+ TODO: check
+CVE-2020-23355 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/use ...)
+ TODO: check
CVE-2020-23354
RESERVED
CVE-2020-23353
RESERVED
-CVE-2020-23352
- RESERVED
+CVE-2020-23352 (Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP l ...)
+ TODO: check
CVE-2020-23351
RESERVED
CVE-2020-23350
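Review bot: the CVE-2020-23356 description begins "dmin/kernel/api/login.class.phpin", which reads as if a leading character and a space were lost upstream; resolve that TODO against the full CVE text rather than this truncation. CVE-2020-23355 carries "** PRODUCT NOT SUPPORTED WHEN ASSIGNED **" in its own description, so its TODO should settle quickly. The remaining entries in this hunk (phpList, oscommerce, WeBid, Z-BlogPHP) all describe login or access-control weaknesses and each needs a packaged-in-Debian check before the TODO: check line is replaced.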
@@ -31739,27 +31742,27 @@ CVE-2020-16116 (In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archi
NOTE: https://kde.org/info/security/advisory-20200730-1.txt
NOTE: https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
CVE-2020-16115
- RESERVED
+ REJECTED
CVE-2020-16114
- RESERVED
+ REJECTED
CVE-2020-16113
- RESERVED
+ REJECTED
CVE-2020-16112
- RESERVED
+ REJECTED
CVE-2020-16111
- RESERVED
+ REJECTED
CVE-2020-16110
- RESERVED
+ REJECTED
CVE-2020-16109
- RESERVED
+ REJECTED
CVE-2020-16108
- RESERVED
+ REJECTED
CVE-2020-16107
- RESERVED
+ REJECTED
CVE-2020-16106
- RESERVED
+ REJECTED
CVE-2020-16105
- RESERVED
+ REJECTED
CVE-2020-16104 (SQL Injection vulnerability in Enterprise Data Interface of Gallagher ...)
NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16103 (Type confusion in Gallagher Command Centre Server allows a remote atta ...)
@@ -40500,6 +40503,7 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-
CVE-2020-12694
RESERVED
CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...)
+ {DSA-4841-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #961406)
[stretch] - slurm-llnl <no-dsa> (Minor issue)
@@ -58388,10 +58392,10 @@ CVE-2020-5430
REJECTED
CVE-2020-5429
REJECTED
-CVE-2020-5428
- RESERVED
-CVE-2020-5427
- RESERVED
+CVE-2020-5428 (In applications using Spring Cloud Task 2.2.4.RELEASE and below, may b ...)
+ TODO: check
+CVE-2020-5427 (In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5 ...)
+ TODO: check
CVE-2020-5426 (Scheduler for TAS prior to version 1.4.0 was permitting plaintext tran ...)
NOT-FOR-US: Vmware
CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x v ...)
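Review bot: the two new TODO: check entries for Spring Cloud Task (CVE-2020-5428) and Spring Cloud Data Flow (CVE-2020-5427) sit directly above CVE-2020-5426 and CVE-2020-5425, which are already resolved as NOT-FOR-US: Vmware; triage should confirm whether any Debian source package ships these Spring Cloud components and, if none does, close them the same way.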
@@ -59481,8 +59485,8 @@ CVE-2020-4969 (IBM Security Identity Governance and Intelligence 5.2.6 could all
NOT-FOR-US: IBM
CVE-2020-4968 (IBM Security Identity Governance and Intelligence 5.2.6 uses weaker th ...)
NOT-FOR-US: IBM
-CVE-2020-4967
- RESERVED
+CVE-2020-4967 (IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive inf ...)
+ TODO: check
CVE-2020-4966 (IBM Security Identity Governance and Intelligence 5.2.6 does not set t ...)
NOT-FOR-US: IBM
CVE-2020-4965
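Review bot: CVE-2020-4967 (IBM Cloud Pak for Security) is left at TODO: check although every IBM neighbour in this hunk (CVE-2020-4969, -4968, -4966) is already NOT-FOR-US: IBM; the other IBM hunks in this file (Security Guardium, Jazz Foundation, Cloud Pak for Security, QRadar SIEM) and CVE-2021-20357 in 2021.list have the same context, so these could be resolved in one pass rather than one at a time.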
@@ -59511,8 +59515,8 @@ CVE-2020-4954
RESERVED
CVE-2020-4953
RESERVED
-CVE-2020-4952
- RESERVED
+CVE-2020-4952 (IBM Security Guardium 11.2 could allow an authenticated user to gain r ...)
+ TODO: check
CVE-2020-4951
RESERVED
CVE-2020-4950
@@ -59685,8 +59689,8 @@ CVE-2020-4867
RESERVED
CVE-2020-4866
RESERVED
-CVE-2020-4865
- RESERVED
+CVE-2020-4865 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ TODO: check
CVE-2020-4864 (IBM Resilient SOAR V38.0 could allow an attacker on the internal net w ...)
NOT-FOR-US: IBM
CVE-2020-4863
@@ -59705,8 +59709,8 @@ CVE-2020-4857
RESERVED
CVE-2020-4856
RESERVED
-CVE-2020-4855
- RESERVED
+CVE-2020-4855 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ TODO: check
CVE-2020-4854 (IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded cr ...)
NOT-FOR-US: IBM
CVE-2020-4853
@@ -59775,18 +59779,18 @@ CVE-2020-4822
RESERVED
CVE-2020-4821
RESERVED
-CVE-2020-4820
- RESERVED
+CVE-2020-4820 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site ...)
+ TODO: check
CVE-2020-4819
RESERVED
CVE-2020-4818
RESERVED
CVE-2020-4817
RESERVED
-CVE-2020-4816
- RESERVED
-CVE-2020-4815
- RESERVED
+CVE-2020-4816 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacke ...)
+ TODO: check
+CVE-2020-4815 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to ...)
+ TODO: check
CVE-2020-4814
RESERVED
CVE-2020-4813
@@ -59837,17 +59841,17 @@ CVE-2020-4791
RESERVED
CVE-2020-4790
RESERVED
-CVE-2020-4789
- RESERVED
+CVE-2020-4789 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...)
+ TODO: check
CVE-2020-4788 (IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local ...)
{DLA-2483-1}
- linux 5.9.11-1
[buster] - linux 4.19.160-1
[stretch] - linux <ignored> (powerpc architectures not included in LTS)
-CVE-2020-4787
- RESERVED
-CVE-2020-4786
- RESERVED
+CVE-2020-4787 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...)
+ TODO: check
+CVE-2020-4786 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...)
+ TODO: check
CVE-2020-4785 (IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1. ...)
NOT-FOR-US: IBM
CVE-2020-4784
@@ -60162,8 +60166,8 @@ CVE-2020-4630
RESERVED
CVE-2020-4629 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
NOT-FOR-US: IBM
-CVE-2020-4628
- RESERVED
+CVE-2020-4628 (IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a re ...)
+ TODO: check
CVE-2020-4627 (IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS ...)
NOT-FOR-US: IBM
CVE-2020-4626 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive infor ...)
@@ -60324,8 +60328,8 @@ CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to exe
NOT-FOR-US: IBM
CVE-2020-4548 (IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input ...)
NOT-FOR-US: IBM
-CVE-2020-4547
- RESERVED
+CVE-2020-4547 (IBM Jazz Foundation products could allow a remote attacker to hijack t ...)
+ TODO: check
CVE-2020-4546 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
NOT-FOR-US: IBM
CVE-2020-4545 (IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbi ...)
@@ -60370,8 +60374,8 @@ CVE-2020-4526 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cros
NOT-FOR-US: IBM
CVE-2020-4525 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
NOT-FOR-US: IBM
-CVE-2020-4524
- RESERVED
+CVE-2020-4524 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ TODO: check
CVE-2020-4523
RESERVED
CVE-2020-4522 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
@@ -61040,8 +61044,8 @@ CVE-2020-4191 (IBM Security Guardium 11.1 uses weaker than expected cryptographi
NOT-FOR-US: IBM
CVE-2020-4190 (IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credent ...)
NOT-FOR-US: IBM
-CVE-2020-4189
- RESERVED
+CVE-2020-4189 (IBM Security Guardium 11.2 discloses sensitive information in the resp ...)
+ TODO: check
CVE-2020-4188 (IBM Security Guardium 10.6 and 11.1 may use insufficiently random numb ...)
NOT-FOR-US: IBM
CVE-2020-4187 (IBM Security Guardium 11.1 could disclose sensitive information on the ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 7f5363599a..f5e6ce91e0 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,25 @@
+CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...)
+ TODO: check
+CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...)
+ TODO: check
+CVE-2021-3324
+ RESERVED
+CVE-2021-3323
+ RESERVED
+CVE-2021-3322
+ RESERVED
+CVE-2021-3321
+ RESERVED
+CVE-2021-3320
+ RESERVED
+CVE-2021-3319
+ RESERVED
+CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...)
+ TODO: check
+CVE-2021-26274
+ RESERVED
+CVE-2021-26273
+ RESERVED
CVE-2021-XXXX [glibc: assertion failure in ISO-2022-JP-3 module]
- glibc <unfixed> (bug #981198)
[buster] - glibc <no-dsa> (Minor issue)
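Review bot: CVE-2021-3326 ("The iconv function in the GNU C Library ... 2.32 and ...") lands immediately above the placeholder CVE-2021-XXXX [glibc: assertion failure in ISO-2022-JP-3 module], which already carries bug #981198 and a [buster] - glibc <no-dsa> line; these look like the same glibc iconv issue, so the TODO: check should decide whether to fold the placeholder's status lines and bug reference into CVE-2021-3326 rather than track it twice.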
@@ -372,10 +394,10 @@ CVE-2021-26120
RESERVED
CVE-2021-26119
RESERVED
-CVE-2021-26118
- RESERVED
-CVE-2021-26117
- RESERVED
+CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...)
+ TODO: check
+CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use anony ...)
+ TODO: check
CVE-2021-26116
RESERVED
CVE-2021-26115
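Review bot: CVE-2021-26118 cites ARTEMIS-2964 (ActiveMQ Artemis) while CVE-2021-26117 describes the optional ActiveMQ LDAP login module; when the TODO: check lines are resolved, record which product each applies to, since a Debian ActiveMQ package may be affected by one and not the other.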
@@ -839,8 +861,8 @@ CVE-2021-3274
RESERVED
CVE-2021-3273
RESERVED
-CVE-2021-3272
- RESERVED
+CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-b ...)
+ TODO: check
CVE-2021-3271 (PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS ca ...)
NOT-FOR-US: PressBooks
CVE-2021-3270
@@ -2239,13 +2261,11 @@ CVE-2021-3176
RESERVED
CVE-2021-3175
RESERVED
-CVE-2021-25312 [HTCONDOR-2021-0001]
- RESERVED
+CVE-2021-25312 (HTCondor before 8.9.11 allows a user to submit a job as another user o ...)
- condor <undetermined>
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0001.html
TODO: check details, as according to advisory specific versions are mentioned
-CVE-2021-25311 [HTCONDOR-2021-0002]
- RESERVED
+CVE-2021-25311 (condor_credd in HTCondor before 8.9.11 allows Directory Traversal outs ...)
- condor <undetermined>
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html
TODO: check details, according to advisory, only affects versions starting at 8.9.7 but details are not clear
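Review bot: the replacement descriptions now state an affected range ("HTCondor before 8.9.11" for both CVE-2021-25312 and CVE-2021-25311), which answers part of the existing TODO lines about version ranges; those TODOs and the "- condor <undetermined>" status should be revisited now. The dropped [HTCONDOR-2021-0001]/[HTCONDOR-2021-0002] tags remain recoverable from the NOTE URLs, so nothing is lost there.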
@@ -5067,6 +5087,7 @@ CVE-2021-23965
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965
CVE-2021-23964
RESERVED
+ {DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird <unfixed>
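Review bot: DSA-4840-1 is attached to CVE-2021-23964 while its description is still RESERVED, and thunderbird remains <unfixed> alongside the firefox-esr 78.7.0esr-1 and firefox 85.0-1 fix lines; the entry is consistent for tracking, but the thunderbird line needs its own follow-up. The next three hunks (CVE-2021-23960, -23954, -23953) are identical in shape.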
@@ -5087,6 +5108,7 @@ CVE-2021-23961
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961
CVE-2021-23960
RESERVED
+ {DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird <unfixed>
@@ -5115,6 +5137,7 @@ CVE-2021-23955
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955
CVE-2021-23954
RESERVED
+ {DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird <unfixed>
@@ -5123,6 +5146,7 @@ CVE-2021-23954
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23954
CVE-2021-23953
RESERVED
+ {DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird <unfixed>
@@ -7793,12 +7817,12 @@ CVE-2021-22657
RESERVED
CVE-2021-22656
RESERVED
-CVE-2021-22655
- RESERVED
+CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...)
+ TODO: check
CVE-2021-22654
RESERVED
-CVE-2021-22653
- RESERVED
+CVE-2021-22653 (Multiple out-of-bounds write issues have been identified in the way th ...)
+ TODO: check
CVE-2021-22652
RESERVED
CVE-2021-22651
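Review bot: the truncated descriptions for CVE-2021-22655 and CVE-2021-22653 ("Multiple out-of-bounds read/write issues have been identified in the way the ...") cut off before naming any product, so the TODO: check cannot be resolved from this list alone and needs the full CVE text; the same holds for CVE-2021-22641 and CVE-2021-22639 in the following hunk.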
@@ -7821,12 +7845,12 @@ CVE-2021-22643
RESERVED
CVE-2021-22642
RESERVED
-CVE-2021-22641
- RESERVED
+CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the ...)
+ TODO: check
CVE-2021-22640
RESERVED
-CVE-2021-22639
- RESERVED
+CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...)
+ TODO: check
CVE-2021-22638
RESERVED
CVE-2021-22637
@@ -12519,8 +12543,8 @@ CVE-2021-20359
RESERVED
CVE-2021-20358
RESERVED
-CVE-2021-20357
- RESERVED
+CVE-2021-20357 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ TODO: check
CVE-2021-20356
RESERVED
CVE-2021-20355
